package com.ss.project.xia17user.config.security.auth2;

import com.ss.project.xia17user.dao.entity.Client;
import com.ss.project.xia17user.service.ClientService;
import lombok.RequiredArgsConstructor;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.stereotype.Component;
import java.util.Arrays;

/**
 * 获取客户端
 * @author xia17
 * @since 2020/9/15 13:59
 */
@Component
@RequiredArgsConstructor
public class CustomRegisteredClientRepository implements RegisteredClientRepository {

    private final ClientService clientService;

    @Override
    public RegisteredClient findById(String id) {
        throw new RuntimeException("该方法不知道什么时候调用，暂时不实现！");
    }

    /**
     * 通过clientId 查找 RegisteredClient
     * @param clientId /
     * @return /
     */
    @Override
    public RegisteredClient findByClientId(String clientId) {
        Client client = clientService.findByClientId(clientId);
        return client == null ? null : this.of(client);
    }


    /**
     * 将 client 转换成 RegisteredClient
     * @param client /
     * @return /
     */
    private RegisteredClient of(Client client){
        // 创建client构建器
        RegisteredClient.Builder clientBuilder = RegisteredClient.withId(client.getClientId())
                .clientId(client.getClientId())
                .clientSecret(client.getClientSecret());

        // 身份认证方法
        Arrays.stream(client.getAuthenticationMethods().split(","))
                .map(e -> {
                    if (ClientAuthenticationMethod.BASIC.getValue().equals(e)) {
                        return ClientAuthenticationMethod.BASIC;
                    } else if (ClientAuthenticationMethod.POST.getValue().equals(e)) {
                        return ClientAuthenticationMethod.POST;
                    } else if (ClientAuthenticationMethod.NONE.getValue().equals(e)) {
                        return ClientAuthenticationMethod.NONE;
                    }
                    throw new RuntimeException();
                }).forEach(clientBuilder::clientAuthenticationMethod);

        // 授权方式
        Arrays.stream(client.getAuthorizationGrantTypes().split(","))
                .map(e->{
                    if (AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(e)){
                        return AuthorizationGrantType.AUTHORIZATION_CODE;
                    }else if (AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equals(e)){
                        return AuthorizationGrantType.CLIENT_CREDENTIALS;
                    }else if (AuthorizationGrantType.PASSWORD.getValue().equals(e)){
                        throw new RuntimeException("暂时不支持PASSWORD授权方式");
                    }else if (AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(e)){
                        throw new RuntimeException("暂时不支持REFRESH_TOKEN授权方式");
                    }
                    throw new RuntimeException();
                }).forEach(clientBuilder::authorizationGrantType);

        // 回调URI
        Arrays.stream(client.getRedirectUris().split(","))
                .forEach(clientBuilder::redirectUri);

        // Scopes 授权范围
        Arrays.stream(client.getScopes().split(","))
                .forEach(clientBuilder::scope);

        // 一些客户端设置
       clientBuilder.clientSettings(setting->{
           // 是否需要用户同意
           setting.requireUserConsent(client.getRequireUserConsent());
       });


        // 构建
        return clientBuilder.build();
    }




}
